From owner-freebsd-advocacy Wed Sep 20 4:29: 0 2000 Delivered-To: freebsd-advocacy@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 3BE9737B422; Wed, 20 Sep 2000 04:28:56 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id HAA810694; Wed, 20 Sep 2000 07:28:54 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20000920011859.V66839@jade.chc-chimes.com> References: <89731E9AF92BD411869200D0B71BB4DC0FC297@ASERVER> <200009191942.e8JJgMc03338@gits.dyndns.org> <20000920001652.U66839@jade.chc-chimes.com> <39C83CC6.9BCD1F32@confusion.net> <20000919221242.O367@149.211.6.64.reflexcom.com> <20000920011859.V66839@jade.chc-chimes.com> Date: Wed, 20 Sep 2000 07:28:57 -0400 To: Bill Fumerola , cjclark@alum.mit.edu From: Garance A Drosihn Subject: Re: wats so special about freeBSD? Cc: freebsd-advocacy@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 1:18 AM -0400 9/20/00, Bill Fumerola wrote: >On Tue, Sep 19, 2000 at 10:12:42PM -0700, Crist J . Clark wrote: > > > I use FreeBSD and it cannot be said FreeBSD is not one of the > > more secure OSes out there (with the standard caveat, "when > > properly configured"), but I think OpenBSD has every right to > > make the claims they do. > >I never questioned the right to make the claims (they've earned >it), but I just wondered if people just read what everyone else >says about each BSD and accepts as the gospel truth or actually >uses this old crusty tool called research. Based on my quick overview of both, OpenBSD does seem better for some things, and I'd loosely define those things as "security". FreeBSD has only been serious about security audits for a short time, and for part of that auditing, the first step is usually "Let's see what OpenBSD has done in this component". That happens much more than "Let's see what Microsoft has done in this area for security", or "Let's see what Linux has done for security". If WE are using OpenBSD as a reference for code-auditing, it seems silly to get our backs up in the air when someone else references OpenBSD as "most secure". Furthermore, OpenBSD does decide to "button down" it's default configuration more than FreeBSD does. That is it's choice, and for some people that choice is reassuring. One of the guys on the staff here wanted to use "some decent unix" for doing DHCP & DNS, and for his purposes OpenBSD's "button down" attitude was and is reassuring. He is not a die-hard unix wizard, and he does not want these machines broken into because "he forgot" to disable some stupid service he does not need, but did not realize he does not need. If it was not for his confidence in OpenBSD on that issue, we might still be running WinNT for DHCP, and trying to figure out how to use WinNT for DNS too (shudder). While I have no concerns about FreeBSD's security, I do think there will always be a place for OpenBSD's focus. I think it does all of us BSD's good to have someone in our group who is "competing" on security issues, and thus keeping all of us focused on that. Without that, we will focus on Microsoft, and that path will be an endless stream of adding features without any concern for security issues. --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message